In recent years, an increasing number of providers have begun offering the ability to create computing environments in the cloud. For example, in 2006, Amazon Web Services™ (also known as AWS) launched a service that provides users with the ability to configure an entire environment tailored to an application executed over a cloud platform. In general, such services allow for developing scalable applications in which computing resources are utilized to support efficient execution of the applications.
Organizations and businesses that develop, provide, or otherwise maintain applications have become accustomed to relying on these services and implementing various types of environments, from complex websites to applications and services provided as software-as-a-service (SaaS) delivery models. Such services and applications are collectively referred to as “cloud-based applications.”
Cloud-based applications are typically accessed by users using a client device via a web browser. Cloud-based applications include, among other things, e-commerce applications, social media applications, enterprise applications, gaming applications, media sharing applications, storage applications, software development applications, and so on. Many individual users, businesses, and enterprises turn to cloud applications in lieu of “traditional” software applications that are locally installed and managed. For example, an enterprise can use Office® 365 online services for email accounts, rather than having an Exchange® Server maintained by the enterprise.
As reliance on cloud-based applications grows, securing access to such cloud applications becomes increasingly important. For example, for an e-commerce application executed in a cloud-computing platform, any unauthorized access and/or data breach must be prevented to ensure protection of sensitive customer and business information such as credit card numbers, names, addresses, and so on.
Providers of cloud computing platforms offer various security tools (e.g., systems, services, and functions) primarily designed to protect their infrastructure against cyber-attacks or threats. A prime example of such a security tool is authentication of any user accessing a cloud-based application. A basic authentication process would require a user attempting to access a cloud-based application to provide correct credentials in order to gain access. Examples of such credentials include a username, a password, biometrics, a secured token or key, an authentication code received through a secondary channel, any combination thereof, or any other type of credentials utilized during a login or sign-on process.
An authentication process to one or more cloud-based applications is typically controlled by a federated identity management (FIdM) system, a single-sign-on (SSO) server, and the like. An FIdM system provides means for linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. An SSO server typically ensures that when a user logs in to one application, the user will be signed in to every other application controlled by the SSO server, regardless of the platform, technology and domain. SSO servers and FIdM systems deployed in a cloud-computing platform typically implement policies and protocols to manage the identity of users and devices across organizations and prevent misuse of credentials by unauthorized users (e.g., hackers) or malicious software (e.g., bots).
To gain unauthorized access to a cloud-based application, an attempt would be made to bypass any FIdM system or SSO server deployed in the cloud computing platform or organization. Such an attempt is known as a bypass vulnerability. That is, a bypass vulnerability exists or occurs when a user is able to access a cloud-based application while bypassing authentication means (e.g., an SSO server or FIdM system) deployed in the cloud-computing platform.
Exploitation of bypass vulnerabilities may result in unauthorized users gaining unrestricted access to sensitive information or in authorized users accessing sensitive information via unsecured or otherwise unauthorized channels. Further, unauthorized users that bypass the SSO are not subject to security policies enforced by the SSO.
Bypass vulnerabilities may be exploited by, e.g., altering fixed parameters, obscuring restricted uniform resource locators, injecting structured query language (SQL) that alters security functions, and so on. Alternatively, a bypass vulnerability may be exploited unintentionally due to, e.g., a mistake in the configuration of the cloud computing platform. Exploits of bypass vulnerabilities frequently proceed unnoticed until well after the bypassing entities have had the opportunity to cause significant damage. As a result, it is difficult to determine the culprit(s) of the breach.
Therefore, it would be advantageous to provide an efficient solution for detecting bypass vulnerabilities with respect to cloud-based applications.
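The definition of a bypass given above (access to a cloud-based application without passing through the SSO server) can be illustrated from the defender's side by correlating two record sets. The following is an added example, not a method described in this text: the record fields, the 8-hour session lifetime, and the sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed SSO session lifetime; a real deployment would read this from policy.
SESSION_LIFETIME = timedelta(hours=8)

# Constructed sample records (not real logs). Field names are hypothetical.
SSO_LOGINS = [
    {"user": "alice", "time": "2024-05-01T09:00:00"},
    {"user": "bob", "time": "2024-05-01T08:00:00"},
]
APP_ACCESSES = [
    {"user": "alice", "app": "crm", "time": "2024-05-01T09:05:00"},
    {"user": "bob", "app": "storage", "time": "2024-05-01T18:30:00"},
    {"user": "carol", "app": "crm", "time": "2024-05-01T10:00:00"},
]


def find_bypass_candidates(sso_logins, app_accesses, lifetime=SESSION_LIFETIME):
    """Return application accesses not covered by any SSO session of that user.

    Because one SSO login signs the user in to every application the SSO
    server controls, sessions are matched per user, not per application.
    """
    sessions = {}
    for rec in sso_logins:
        start = datetime.fromisoformat(rec["time"])
        sessions.setdefault(rec["user"], []).append(start)

    flagged = []
    for access in app_accesses:
        when = datetime.fromisoformat(access["time"])
        starts = sessions.get(access["user"], [])
        covered = any(s <= when <= s + lifetime for s in starts)
        if not covered:
            reason = ("outside any SSO session window" if starts
                      else "no SSO login on record")
            flagged.append({**access, "reason": reason})
    return flagged


if __name__ == "__main__":
    for hit in find_bypass_candidates(SSO_LOGINS, APP_ACCESSES):
        print(hit["user"], hit["app"], hit["time"], "->", hit["reason"])
```

A flagged access is a candidate for review, not proof of a bypass; clock skew between the two log sources or a misconfigured session lifetime produces the same signal.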